Posted to wss4j-dev@ws.apache.org by 王帅杰 <sh...@jsi.buaa.edu.cn> on 2008/04/07 04:08:49 UTC

could you please send me a sample client-deploy.wsdd for encryption?

wss4j-dev, I am a graduate student working on wss4j, and I have encountered some problems.
What I want to do is use WSDoAllSender to encrypt a message and send it to the server. Here is the problem:
I know that the encryption procedure is this:
1. client sends its certificate to server
2. server generates a dynamic session key, and encrypts this key using the client's public key
3. server sends the encrypted key to client
4. client decrypts the message with its private key and gets the session key
5. following, client and server will use this session key to encrypt/decrypt messages being sent between them...

So am I right?
If I am right, this is what I want to achieve, but when I use wss4j, there seems to be some problem.
My client-deploy.wsdd file is as follows:
			****************************************************************
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
	xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
	<transport name="http"
		pivot="java:org.apache.axis.transport.http.HTTPSender" />
	<globalConfiguration>
		<requestFlow>
			<handler
				type="java:org.apache.ws.axis.security.WSDoAllSender">

				<!-- this is used for Signature and Encrypt -->
				<parameter name="action" value="Encrypt" />
				<parameter name="encryptionPropFile"
					value="crypto.properties" />
				<parameter name="encryptionUser" value="wsj" />
				<parameter name="encryptionKeyIdentifier"
					value="X509KeyIdentifier" />
				<!-- this is used for Signature and Encrypt -->

			</handler>
		</requestFlow>
	</globalConfiguration>
</deployment>
			****************************************************************
But it seems that when configured this way, the client will use RSA to encrypt the data: the client will use the public key of the
user to encrypt the data, so the server needs to hold the private key of the client in order to decrypt the data. This isn't what we want.

But I think this is just a configuration problem with WSDoAllSender, so please tell me how I can configure WSDoAllSender to implement
"session-key" mode. If possible, please send me a sample client-deploy.wsdd and server-deploy.wsdd.
best regards,
			shuaijie wang
        shuaijie.wang@jsi.buaa.edu.cn
          2008-04-03
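
Added example, not part of the original post and not the WSS4J project's own sample: a client/server WSDD pair for the Encrypt action. With this action WSS4J generates a fresh symmetric key per message, encrypts the body with it, and wraps that key in an xenc:EncryptedKey using the public key of the certificate named by encryptionUser, so that alias normally names the server's certificate and only the server's private key is needed to decrypt. Assumptions: the alias server-cert, the properties file names, the service name and the classes under example. are hypothetical placeholders.

```xml
<!-- client-deploy.wsdd (added example; alias and file names are placeholders) -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http"
             pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="Encrypt"/>
        <!-- Points at the client's keystore, which must contain the
             server's certificate (public key only) -->
        <parameter name="encryptionPropFile" value="crypto.properties"/>
        <!-- Alias of the RECIPIENT's (server's) certificate: its public key
             wraps the generated per-message symmetric key -->
        <parameter name="encryptionUser" value="server-cert"/>
        <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier"/>
        <!-- Algorithm of the generated symmetric key that encrypts the body -->
        <parameter name="encryptionSymAlgorithm"
                   value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>

<!-- server-deploy.wsdd (separate file; service and class names are placeholders) -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/"
            xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <service name="SampleService" provider="java:RPC">
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="action" value="Encrypt"/>
        <!-- Points at the server's keystore, which holds the server's
             private key used to unwrap the symmetric key -->
        <parameter name="decryptionPropFile" value="server-crypto.properties"/>
        <!-- CallbackHandler that returns the private-key password -->
        <parameter name="passwordCallbackClass"
                   value="example.ServerPWCallback"/>
      </handler>
    </requestFlow>
    <parameter name="className" value="example.SampleService"/>
    <parameter name="allowedMethods" value="*"/>
  </service>
</deployment>
```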